Download Snort for Windows
These self-installing executables come with a wizard-driven interface,
where you can select which configuration options to install. Possible
options include: native support for logging to Microsoft SQL Server,
and native support for logging to Oracle.
Note that all versions installed with these downloads already contain support for
logging to MySQL and ODBC databases, as well as running as a native Win32
service.
Downloads are approximately 2.0MB.

Snort_232_Build12_Installer.exe (Mar 10, 2005) (ChangeLog)
MD5: d97aae0eb8bff9d6232f881c9ef0efbe
SHA1: 82f2ad2cff4f5979366322c5fc437ac47388175b

Snort_230_Build10_Installer.exe (Jan 26, 2005) (ChangeLog)
MD5: 42964701826a2972448f557238cded2e
SHA1: 755bc3555e32e7bbfa4f2aa201dcc80559951cd6

Snort_220_Build30_Installer.exe (Aug 11, 2004) (ChangeLog)
MD5: 15efa98133b6f6a7b6ebb0ac3619b720
SHA1: b73dee01f572ed865b7f2792701ce901e25a19dc

Snort_213_Build27_Installer.exe (Jun 02, 2004) (ChangeLog)
MD5: 15ac56c13f58739acbd6bd19c397c1e9
SHA1: 8493269954514bcc62b088859729ea1605b3fd96

FAQ Summary

Q1: What is "snort"?
A: Snort is an open-source, multi-platform intrusion detection system. The Snort project homepage
is located at http://www.snort.org/

Q2: I'm having a problem running Snort. What do I do?
A:
Step 1. Check the official Snort FAQ.
Step 2. Check the archives of the official Snort mailing lists.
You probably aren't the first person to experience this problem. Search for an answer here.
Step 3. Snort has a very active community of people who are interested in assisting other Snort users.
Post your question to an appropriate mailing list.

Q3: Is there a graphical front-end for configuring Snort on Windows?
A: A popular Windows tool is IDScenter.
According to their website: "Snort IDScenter is a GUI for Snort IDS on Windows platforms.
Configuration and management of Snort IDS can be done using IDScenter."
Another Windows tool is IDS Policy Manager. According
to their website: "IDS Policy Manager is a Visual Basic application that was written to
easily manage policies for multiple Snort sensors. It was written to
incorporate features to make managing snort as easy and as powerful as
possible."

Q4: Is there a web-based tool for analyzing intrusions under Windows?
A: The most popular tool for this is ACID. According to
their website: "The Analysis Console for Intrusion Databases (ACID) is a PHP-based analysis
engine to search and process a database of security events generated by various
IDSes, firewalls, and network monitoring tools."
Another branch of ACID is named BASE.
BASE (Basic Analysis and Security Engine) attempts to provide more frequent releases of
the tool than ACID is able to provide.

Q5: Where can I get the source code for Snort?
A: The source code is publicly available. It can be downloaded as a whole bundle from
http://www.snort.org/dl/, or you
can access the source code from the CVS repository.

Q6: What is a "CVS repository"?
A: CVS (Concurrent Versions System) is the
version control system used to manage the Snort source code. A popular Windows
client for CVS is called WinCVS, and can be downloaded from either
http://www.wincvs.org/
or http://cvsgui.sourceforge.net/.
Another popular client is SmartCVS, which runs on
multiple platforms.

Q7: Where can I get the source code for the Windows port of Snort?
A: It's already incorporated in the official Snort source code. See the answer above for
"where can I get the source code for Snort?"

Q8: What is "winpcap"?
A: This is the Windows port of the network packet capture library known as "libpcap".
Snort is built on top of the libpcap functionality, and requires it to be installed for Snort to run.
winpcap can be downloaded from
http://winpcap.polito.it/

Q9: What is "ntwdblib.dll" and where can I get it?
A: This is the Microsoft SQL Server(tm)
client DLL. This library is used by client applications
attempting to establish direct connections to an installation of SQL Server, as opposed to connecting
via ODBC or ADO. It is provided by Microsoft as part of their SQL Server product, and is installed
as part of the SQL Server client package on the SQL Server CD-ROM.

Q10: What hardware is needed/recommended for Snort?
A: This has been discussed many times in the mailing lists. Search the
archives.
Here are some particular threads:
* Handling of a 1 or 2 GB pipe? (Jan 31, 2003)
* Best Enterprise Snort Configuration (Feb 12, 2003)
* hardware requirements (June 26, 2003)
* Snort as Gigabit Sensor (July 24, 2003)
* hardware requirements for snort sensors (July 24, 2003)
* Snort and L2 Cache (Dec 04, 2003)

Q11: Where else can I get Snort executables for Windows?
A:
http://www.snort.org/dl/
http://www.winsnort.com/

Q12: Where else can I get information about running Snort on Windows?
A:
http://www.snort.org/docs/
http://www.winsnort.com/

Q13: Where can I get general information about Intrusion Detection?
A:
http://www.snort.org/docs/
http://www.sans.org/rr/
http://www.insecure.org/tools.html
http://www.sans.org/resources/idfaq/
http://archives.neohapsis.com/
http://securityadmin.info/faqget.asp#firewalltoc

Q14: How can I stop Snort 2.0.1 from printing "returning! TCP (2) IP (0) UDP (0)" in my command window?
A: Add the following line to your snort.conf file:
config checksum_mode: none
This setting turns off Snort's checksum verification for all protocols.

Q15: Where can I find an ERD for the Snort database schema?
A: